mirror of
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git
synced 2024-12-30 15:38:06 +01:00
177 lines
4.3 KiB
Groff
177 lines
4.3 KiB
Groff
.\" opiepasswd.1: Manual page for the opiepasswd(1) program.
|
|
.\"
|
|
.\" %%% portions-copyright-cmetz-96
|
|
.\" Portions of this software are Copyright 1996-1997 by Craig Metz, All Rights
|
|
.\" Reserved. The Inner Net License Version 2 applies to these portions of
|
|
.\" the software.
|
|
.\" You should have received a copy of the license with this software. If
|
|
.\" you didn't get a copy, you may request one from <license@inner.net>.
|
|
.\"
|
|
.\" Portions of this software are Copyright 1995 by Randall Atkinson and Dan
|
|
.\" McDonald, All Rights Reserved. All Rights under this copyright are assigned
|
|
.\" to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and
|
|
.\" License Agreement applies to this software.
|
|
.\"
|
|
.\" History:
|
|
.\"
|
|
.\" Modified by cmetz for OPIE 2.3. Added -f flag documentation.
|
|
.\" Updated console example.
|
|
.\" Modified by cmetz for OPIE 2.2. Removed MJR DES documentation.
|
|
.\" Modified at NRL for OPIE 2.0.
|
|
.\" Written at Bellcore for the S/Key Version 1 software distribution
|
|
.\" (keyinit.1).
|
|
.\"
|
|
.ll 6i
|
|
.pl 10.5i
|
|
.lt 6.0i
|
|
.TH OPIEPASSWD 1 "January 10, 1995"
|
|
.AT 3
|
|
.SH NAME
|
|
opiepasswd \- Change or set a user's password for the OPIE authentication
|
|
system.
|
|
|
|
.SH SYNOPSIS
|
|
.B opiepasswd
|
|
[\-v] [\-h] [\-c|\-d] [\-f]
|
|
.sp 0
|
|
[\-n
|
|
.I inital_sequence_number
|
|
]
|
|
[\-s
|
|
.I seed
|
|
] [
|
|
.I user_name
|
|
]
|
|
|
|
.SH DESCRIPTION
|
|
.I opiepasswd
|
|
will initialize the system information to allow one to use OPIE to login.
|
|
.I opiepasswd
|
|
is downward compatible with the keyinit(1) program from the
|
|
Bellcore S/Key Version 1 distribution.
|
|
|
|
.SH OPTIONS
|
|
.TP
|
|
.TP
|
|
.B \-v
|
|
Display the version number and compile-time options, then exit.
|
|
.TP
|
|
.B \-h
|
|
Display a brief help message and exit.
|
|
.TP
|
|
.B \-c
|
|
Set console mode where the user is expected to have secure access to the
|
|
system. In console mode, you will be asked to input your password directly
|
|
instead of having to use an OPIE calculator. If you do not have secure access
|
|
to the system (i.e., you are not on the system's console), you are
|
|
volunteering your password to attackers by using this mode.
|
|
.TP
|
|
.B \-d
|
|
Disable OTP logins to the specified account.
|
|
.TP
|
|
.B \-f
|
|
Force
|
|
.I opiepasswd
|
|
to continue, even where it normally shouldn't. This is currently used to
|
|
force opiepasswd to operate in "console" mode even from terminals it believes
|
|
to be insecure. It can also allow users to disclose their secret pass phrases
|
|
to attackers. Use of the -f flag may be disabled by compile-time option in
|
|
your particular build of OPIE.
|
|
.TP
|
|
.B \-n
|
|
Manually specify the initial sequence number. The default is 499.
|
|
.TP
|
|
.B \-s
|
|
Specify a non-random seed. The default is to generate a "random" seed using
|
|
the first two characters of the host name and five pseudo-random digits.
|
|
.SH EXAMPLE
|
|
Using
|
|
.I opiepasswd
|
|
from the console:
|
|
.LP
|
|
.sp 0
|
|
wintermute$ opiepasswd \-c
|
|
.sp 0
|
|
Updating kebe:
|
|
.sp 0
|
|
Reminder \- Only use this method from the console; NEVER from remote. If you
|
|
.sp 0
|
|
are using telnet, xterm, or a dial\-in, type ^C now or exit with no password.
|
|
.sp 0
|
|
Then run opiepasswd without the \-c parameter.
|
|
.sp 0
|
|
Using MD5 to compute responses.
|
|
.sp 0
|
|
Enter old secret pass phrase:
|
|
.sp 0
|
|
Enter new secret pass phrase:
|
|
.sp 0
|
|
Again new secret pass phrase:
|
|
.sp 0
|
|
|
|
.sp 0
|
|
ID kebe OPIE key is 499 be93564
|
|
.sp 0
|
|
CITE JAN GORY BELA GET ABED
|
|
.sp 0
|
|
wintermute$
|
|
.LP
|
|
Using
|
|
.I opiepasswd
|
|
from remote:
|
|
.LP
|
|
.sp 0
|
|
wintermute$ opiepasswd
|
|
.sp 0
|
|
Updating kebe:
|
|
.sp 0
|
|
Reminder: You need the response from your OPIE calculator.
|
|
.sp 0
|
|
Old secret password:
|
|
.sp 0
|
|
otp-md5 482 wi93563
|
|
.sp 0
|
|
Response: FIRM BERN THEE DUCK MANN AWAY
|
|
.sp 0
|
|
New secret password:
|
|
.sp 0
|
|
otp-md5 499 wi93564
|
|
.sp 0
|
|
Response: SKY FAN BUG HUFF GUS BEAT
|
|
.sp 0
|
|
|
|
.sp 0
|
|
ID kebe OPIE key is 499 wi93564
|
|
.sp 0
|
|
SKY FAN BUG HUFF GUS BEAT
|
|
.sp 0
|
|
wintermute$
|
|
.LP
|
|
.SH FILES
|
|
.TP
|
|
/etc/opiekeys -- database of key information for the OPIE system.
|
|
|
|
.SH SEE ALSO
|
|
.BR ftpd (8),
|
|
.BR login (1),
|
|
.BR passwd (1),
|
|
.BR opie (4),
|
|
.BR opiekey (1),
|
|
.BR opieinfo (1),
|
|
.BR su (1),
|
|
.BR opiekeys (5),
|
|
.BR opieaccess (5)
|
|
|
|
.SH AUTHOR
|
|
Bellcore's S/Key was written by Phil Karn, Neil M. Haller, and John S. Walden
|
|
of Bellcore. OPIE was created at NRL by Randall Atkinson, Dan McDonald, and
|
|
Craig Metz.
|
|
|
|
S/Key is a trademark of Bell Communications Research (Bellcore).
|
|
|
|
.SH CONTACT
|
|
OPIE is discussed on the Bellcore "S/Key Users" mailing list. To join,
|
|
send an email request to:
|
|
.sp
|
|
skey-users-request@thumper.bellcore.com
|